{"id":23775,"date":"2024-01-24T03:10:07","date_gmt":"2024-01-24T11:10:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/01\/24\/news-17505\/"},"modified":"2024-01-24T03:10:07","modified_gmt":"2024-01-24T11:10:07","slug":"news-17505","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/01\/24\/news-17505\/","title":{"rendered":"Update now! Apple releases patch for zero-day vulnerability"},"content":{"rendered":"\n

Apple has released new security updates for several products, including a patch for a zero-day vulnerability that could impact iPhones, iPad, Macs, and Apple TVs.<\/p>\n

Apple says it\u2019s aware of a report that the bug may have been exploited already. Further details about the nature of the vulnerability were not disclosed to give users enough time to install the updates.<\/p>\n

The updates may already have reached you if you automatically update, but it doesn\u2019t hurt to check you’re on the latest version<\/a>.<\/p>\n

If a Safari update is available for your device, you can get it by updating your iPhone or iPad<\/a> or updating your Mac.<\/a><\/p>\n

Updates are available for:<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n
Safari 17.3<\/a><\/td>\nmacOS Monterey and macOS Ventura<\/td>\n<\/tr>\n
iOS 17.3 and iPadOS 17.3<\/a><\/td>\niPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generation and later<\/td>\n<\/tr>\n
iOS 16.7.5 and iPadOS 16.7.5<\/a><\/td>\niPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation<\/td>\n<\/tr>\n
iOS 15.8.1 and iPadOS 15.8.1<\/a><\/td>\niPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)<\/td>\n<\/tr>\n
macOS Sonoma 14.3<\/a><\/td>\nmacOS Sonoma<\/td>\n<\/tr>\n
macOS Ventura 13.6.4<\/a><\/td>\nmacOS Ventura<\/td>\n<\/tr>\n
macOS Monterey 12.7.3<\/a><\/td>\nmacOS Monterey<\/td>\n<\/tr>\n
watchOS 10.3<\/a><\/td>\nApple Watch Series 4 and later<\/td>\n<\/tr>\n
tvOS 17.3<\/a><\/td>\nApple TV HD and Apple TV 4K (all models)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Technical details<\/h2>\n

The zero-day vulnerability is listed as CVE-2024-23222<\/a>: a type confusion issue in WebKit that was addressed with improved checks. This issue is fixed in tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Processing maliciously crafted web content may lead to arbitrary code execution.<\/p>\n

Type confusion can occur in interpreted languages such as JavaScript and PHP, which use dynamic typing. In dynamic typing, the type of a variable is determined and updated at runtime, as opposed to being set at compile-time in a statically typed language. A type confusion vulnerability means an attacker has the opportunity to change the type of a given variable in order to trigger unintended behavior.<\/p>\n

Several other vulnerabilities in WebKit, which is the browser engine that powers Safari and other apps, were patched as well.<\/p>\n

CISA<\/h2>\n

The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its\u00a0Known Exploited Vulnerabilities Catalog<\/a>, based on evidence of active exploitation. This means Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by February 13, 2024 in order to protect their devices against active threats.<\/p>\n

\n

We don\u2019t just report on threats\u2014we remove them<\/strong><\/p>\n

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Apple has released new security updates for several products including a patch for a zero-day vulnerability which may have been exploited. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,30765,22783,32,10753,11524],"class_list":["post-23775","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-cve-2024-23222","tag-exploits-and-vulnerabilities","tag-news","tag-webkit","tag-zero-day"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=23775"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/23775\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=23775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=23775"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=23775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}